Outlook Express Exposes User Mail

Outlook Express Exposes User Mail

Reported July 20 by Microsoft

Microsoft Outlook Express 4.0 through 5.01


By sending an unsuspecting user a specifically craft HTML message, a remote user could extract information from an Outlook Express mail preview pane and send that content to an offsite location for review.


Microsoft issued FAQ# FQ00-045 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046.

Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the following actions:

  • Installing the patch available at
  • Performing a default installation of Internet Explorer 5.01 Service Pack 1,
  • Performing a default installation of Internet Explorer 5.5
    on any system except Windows 2000.

Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm) or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm) to install. Customers who install this patch on versions other than these may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q267884"

Discovered by Microsoft

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.